[Openswan Users] no connection has been authorized

Jacco de Leeuw jacco2 at dds.nl
Sun Aug 7 20:00:28 CEST 2005


OK, the gateway firewall was doing DNAT to the Openswan server.
That was not indicated in the diagram.

Here are my new suggestions:

- Change 192.168.0.80 and 192.168.0.52 to something that is
   not a private IP address, e.g. 1.1.1.1 and 1.1.1.2.

- Don't use 10.0.0.0/8 for the internal network. If your users
   happen to use a 10.x.x.x network at home they won't be able
   to connect. Use 192.168.x.0/24 or 10.x.x.0/24 or something
   like that. Let's say you use 192.168.2.0/24 in the remainder.
   The Openswan server is at 192.168.2.1 and the gateway firewall
   doing NAT is at 192.168.2.2.

>     virtual_private=%v4:172.16.0.0/12,%v4:192.168.0.0/24

- Change this to:

       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/24

>     compress=yes

- Compression is not supported by Windows clients so this will be ignored.

>     left=192.168.0.52
>     leftnexthop=10.0.0.2

- This will then become:

       left=192.168.2.1
       leftnexthop=192.168.2.2

>     leftsubnet=10.0.0.0/8

- Remove the leftsubnet line.

>     #rightsubnet=192.168.1.0/24

- This should be:

       rightsubnet=vhost:%no,%priv

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
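The two virtual_private points made in the mail (the server's own LAN must be excluded with a `!` entry, and excluding a whole 10.0.0.0/8 locks out every home user behind a 10.x.x.x router) are easy to get wrong by hand. The following Python script is an added example, not code from the mail or from the Openswan project: it parses a virtual_private string in the `%v4:CIDR` / `%v4:!CIDR` form shown above and checks a proposed internal subnet against it. The function names `parse_virtual_private`, `client_address_allowed` and `audit` are this example's own; the only config values used are the ones from the mail.

```python
import ipaddress

# Constructed value: the virtual_private line suggested in the mail above.
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
                   "%v4:192.168.0.0/16,%v4:!192.168.2.0/24")

# The three RFC 1918 blocks a roadwarrior is typically NATed behind at home.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_virtual_private(value):
    """Return (allowed, excluded) network lists from a virtual_private string.

    Entries are comma separated and look like %v4:CIDR or %v6:CIDR; a '!'
    in front of the CIDR marks a network a client must never claim.
    """
    allowed, excluded = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        family, sep, cidr = entry.partition(":")
        if not sep or family not in ("%v4", "%v6"):
            raise ValueError(f"malformed virtual_private entry: {entry!r}")
        target = excluded if cidr.startswith("!") else allowed
        target.append(ipaddress.ip_network(cidr.lstrip("!"), strict=True))
    return allowed, excluded


def _covered(net, nets):
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return any(net.version == o.version and net.subnet_of(o) for o in nets)


def client_address_allowed(addr, value):
    """True if a client claiming addr as its NATed private address is accepted."""
    ip = ipaddress.ip_address(addr)
    allowed, excluded = parse_virtual_private(value)
    if any(ip in net for net in excluded):
        return False
    return any(ip in net for net in allowed)


def audit(value, internal_subnet):
    """Return human-readable problems for a virtual_private / LAN subnet pair."""
    internal = ipaddress.ip_network(internal_subnet, strict=True)
    allowed, excluded = parse_virtual_private(value)
    problems = []
    # 1. The server-side LAN must be carved out, otherwise a client whose home
    #    network happens to be the same range could claim it.
    overlaps = [n for n in allowed
                if n.version == internal.version and n.overlaps(internal)]
    if overlaps and not _covered(internal, excluded):
        problems.append(f"internal subnet {internal} is claimable by clients; "
                        f"add %v4:!{internal}")
    # 2. Excluding an entire RFC 1918 block locks out every home user behind it.
    for net in excluded:
        for block in RFC1918:
            if net.version == block.version and block.subnet_of(net):
                problems.append(f"excluding {net} blocks all clients on "
                                f"{block} at home")
    return problems


if __name__ == "__main__":
    for addr in ("10.1.2.3", "192.168.2.50", "192.168.0.7"):
        print(addr, client_address_allowed(addr, VIRTUAL_PRIVATE))
    print(audit(VIRTUAL_PRIVATE, "192.168.2.0/24"))
    print(audit("%v4:10.0.0.0/8,%v4:!10.0.0.0/8", "10.0.0.0/8"))
```

Running `audit` on the suggested line with 192.168.2.0/24 as the LAN returns no problems, while the original arrangement (a 10.0.0.0/8 LAN, which would have to be excluded wholesale) is flagged because it shuts out every client on a 10.x.x.x home network.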

